Mac users who use pip and PyPI:
If you are running macOS/OS X version 10.12 or older, then you ought to upgrade to the latest pip (9.0.3) to connect to the Python Package Index securely:
curl https://bootstrap.pypa.io/get-pip.py | python
and we recommend you do that by April 8th.
Pip 9.0.3 supports TLSv1.2 when running under system Python on macOS < 10.13. Official release notes: https://pip.pypa.io/en/stable/news/
As PSF blogged last year https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-python-tls-v12.htm... , on June 30, 2018, Python.org sites are going to entirely stop supporting TLS versions 1.0 and 1.1, because our CDN provider is deprecating support for those versions.
We are launching the new PyPI (in beta at https://pypi.org) this month and replacing the legacy PyPI (https://pypi.python.org). Here's the beta announcement for the new PyPI: https://pyfound.blogspot.com/2018/03/warehouse-all-new-pypi-is-now-in-beta.h...
Warehouse, the codebase for the new PyPI, does not support TLS 1.0 or 1.1.
As of late March, the Python Package Index has started doing brownouts of the deprecated TLS versions. For some portion of each hour, anyone attempting to access PyPI with TLSv1.0 or TLSv1.1 will get a 403 response with an informative error. We are ramping up the amount of time the endpoint is down for the deprecated TLS versions, and plan to make the endpoint 100% unavailable (for the deprecated TLS versions) on and after April 8th, prior to the final deadline. That gives us a few months where, someone tries to "pip install", we can give a good error message -- once June 30th hits, it will just be an uninformative OpenSSL error.
If you have problems accessing PyPI, upgrading pip, etc., please file an issue at https://github.com/pypa/packaging-problems/issues/ and we'll help figure it out.
Thank you. Please publicize this. (I'm about to cross-post this to python-list/comp.lang.python.)